| /openbmc/bmcweb/redfish-core/include/ |
| H A D | privileges.hpp | 42 * @brief A vector of all privilege names and their indexes
43 * The privilege "OpenBMCHostConsole" is added to users who are members of the
44 * "hostconsole" user group. This privilege is required to access the host
62 * unique privilege name.
64 * A bit is set if the privilege is required (entity domain) or granted
85 for (const char* privilege : privilegeList) in Privileges() local
87 if (!setSinglePrivilege(privilege)) in Privileges()
89 BMCWEB_LOG_CRITICAL("Unable to set privilege {} in constructor", in Privileges()
90 privilege); in Privileges()
96 * @brief Sets given privilege in the bitset
[all …]
|
| /openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/User/ |
| H A D | PrivilegeMapper.interface.yaml | 2 Implement this interface to set the privilege of the user based on the group
3 name. The users in the group will inherit the privilege mapping of the
8 unique number generated by the application. If the privilege mapping already
11 privilege for a mapping which already exists, the Privilege property in the
13 application consuming the privilege mapping should not cache the object path
21 Creates a mapping for the group to the privilege.
26 Group Name to which the privilege is to be assigned. In the case
29 - name: Privilege
32 The privilege associated with the group. The set of available
35 be thrown if the privilege is invalid. Additional documentation
[all …]
|
| H A D | PrivilegeMapperEntry.interface.yaml | 2 Implement to provide privilege for the group.
8 Group Name to which the privilege is to be assigned. In the case of
14 - name: Privilege
17 One of the privilege as defined by
20 thrown if the privilege is invalid. Additional documentation on
21 privilege is available here.
|
| /openbmc/openbmc-test-automation/redfish/account_service/ |
| H A D | test_ipmi_redfish_user.robot | 73 Update User Privilege Via Redfish And Verify Using IPMI
74 [Documentation] Update user privilege via Redfish and verify using IPMI.
77 # Create user using Redfish with admin privilege.
87 # Update user privilege to operator using Redfish.
91 # Verify new user privilege level via IPMI.
134 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege
151 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege
167 Update User Privilege To Operator Via IPMI And Verify Using Redfish
168 [Documentation] Update user privilege to operator via IPMI and verify using Redfish.
170 # Create user using IPMI with admin privilege.
[all …]
|
| H A D | test_redfish_privilege_registry.robot | 2 Documentation Script to test Redfish privilege registry with various users
10 Suite Setup Create And Verify Various Privilege Users
33 Verify Redfish Privilege Registry Properties
34 [Documentation] Verify the Redfish Privilege Registry properties.
39 # Get the complete Privilege Registry URL
40 ${url}= Get Redfish Privilege Registry json URL
44 # Verify the Privilege Registry Resource.
47 # "Name": "Privilege Mapping array collection",
57 Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection
64 Verify Redfish Privilege Registry Mappings Properties For Account Service
[all …]
|
| H A D | test_ldap_configuration.robot | 148 Verify LDAP User With Admin Privilege Able To Do BMC Reboot
149 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
156 # With LDAP user and with right privilege trying to do BMC reboot.
162 Verify LDAP User With Operator Privilege Able To Do Host Poweroff
163 [Documentation] Verify that LDAP user with operator privilege can do host
166 [Teardown] Restore LDAP Privilege
172 # Verify that the LDAP user with operator privilege is able to power the system off.
210 Verify LDAP User With Read Privilege Able To Check Inventory
211 [Documentation] Verify that LDAP user with read privilege able to
214 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
[all …]
|
| /openbmc/phosphor-user-manager/phosphor-ldap-config/ |
| H A D | ldap_mapper_entry.hpp | 26 * @brief This D-Bus object represents the privilege level for the LDAP group.
38 /** @brief Constructs LDAP privilege mapper entry object.
44 * @param[in] privilege - the privilege for the group
45 * @param[in] parent - LDAP privilege mapper manager
49 const std::string& privilege, Config& parent);
51 /** @brief Constructs LDAP privilege mapper entry object
56 * @param[in] parent - LDAP privilege mapper manager
61 /** @brief Delete privilege mapper entry object
63 * This method deletes the privilege mapper entry.
75 /** @brief Update privilege associated with LDAP group
[all …]
|
| H A D | ldap_config.hpp | 201 /** @brief Creates a mapping for the group to the privilege
203 * @param[in] groupName - Group Name to which the privilege needs to be
205 * @param[in] privilege - The privilege role associated with the group.
207 * @return On success return the D-Bus object path of the created privilege
210 ObjectPath create(std::string groupName, std::string privilege) override;
212 /** @brief Delete privilege mapping for LDAP group
214 * This method deletes the privilege mapping
220 /** @brief Check if LDAP group privilege mapping requested is valid
222 * Check if the privilege mapping already exists for the LDAP group name
231 /** @brief Check if the privilege level is a valid one
[all …]
|
| H A D | ldap_mapper_entry.cpp | 18 const std::string& privilege, Config& parent) : in LDAPMapperEntry() argument
23 Interfaces::privilege(privilege, true); in LDAPMapperEntry()
53 std::string LDAPMapperEntry::privilege(std::string value) in privilege() function in phosphor::ldap::LDAPMapperEntry
55 if (value == Interfaces::privilege()) in privilege()
61 auto val = Interfaces::privilege(value); in privilege()
|
| /openbmc/openbmc-test-automation/gui/test/access_control/ |
| H A D | test_obmc_gui_local_users.robot | 22 ${xpath_select_privilege} //select[@id="privilege"]
33 Page should contain View privilege role descriptions
89 [Arguments] ${username} ${password} ${privilege}=Administrator
95 # privilege User privilege.
99 Add User Details ${username} ${password} ${privilege} ${account_status}
103 [Arguments] ${username} ${password} ${privilege} ${account_status}
108 # privilege User privilege.
120 Select User Privilege ${privilege}
123 Select User Privilege
124 [Documentation] Select user privilege.
[all …]
|
| /openbmc/openbmc-test-automation/ipmi/ |
| H A D | test_ipmi_user.robot | 78 # Set admin privilege and enable IPMI messaging for newly created user.
79 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
200 # Set admin privilege and enable IPMI messaging for newly created user
201 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
252 Test IPMI User Privilege Level
253 [Documentation] Verify IPMI user with user privilege can only run user level commands.
255 [Template] Test IPMI User Privilege
259 #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
263 Test IPMI Operator Privilege Level
264 [Documentation] Verify IPMI user with operator privilege can only run user and
[all …]
|
| H A D | test_ipmi_general.robot | 135 FOR ${privilege} IN 4 3 2
136 # Input Channel Privilege Level
137 ${channel} ${privilege}
163 Verify Set Session Privilege Level via IPMI Raw Command
164 [Documentation] Set session privilege with given privilege level and verify the response with
167 [Template] Set Session Privilege Level And Verify
176 Verify Set Invalid Session Privilege Level Via IPMI Raw Command
177 [Documentation] Verify set invalid session privilege level via IPMI raw command.
179 [Template] Set Invalid Session Privilege Leve
[all...] |
| /openbmc/phosphor-host-ipmid/user_channel/ |
| H A D | cipher_mgmt.hpp | 52 * privilege levels
54 * @param[in] csPrivilegeLevels - gets filled by cipher suite privilege
65 * suite privilege levels
67 * @param[in] csPrivilegeLevels - cipher suite privilege levels to update
95 /** @brief convert to cipher suite privilege from string to value
97 * @param[in] value - privilege value
99 * @return cipher suite privilege index
103 /** @brief function to convert privilege value to string
105 * @param[in] value - privilege value
107 * @return privilege in string
[all …]
|
| /openbmc/openbmc-test-automation/openpower/localuser/ |
| H A D | test_ipmi_redfish_user.robot | 23 Create IPMI User Without Any Privilege And Verify Via Redfish
24 [Documentation] Create user using IPMI without privilege and verify user privilege
34 # Verify new user privilege level via Redfish.
35 ${privilege}= Redfish.Get Attribute
37 Valid Value privilege ['ReadOnly']
120 Update User Privilege Via Redfish And Verify Using IPMI
121 [Documentation] Update user privilege via Redfish and verify using IPMI.
124 # Create user using Redfish with admin privilege.
140 # Update user privilege to readonly using Redfish.
144 # Verify new user privilege level via IPMI.
[all …]
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/ |
| H A D | PrivilegeRegistry.v1_1_5.json | 62 … "description": "List mapping between HTTP methods and privilege required for the resource.",
63 …on": "This property shall list the mapping between HTTP methods and the privilege required for the…
66 "description": "The privilege overrides of properties within a resource.",
70 …"longDescription": "This property shall contain the privilege overrides of properties, such as the…
74 "description": "The privilege overrides of resource URIs.",
78 …"longDescription": "This property shall contain the privilege overrides of resource URIs. The tar…
82 "description": "The privilege overrides of the subordinate resource.",
86 …"longDescription": "This property shall contain the privilege overrides of the subordinate resourc…
133 "description": "The privilege required to complete an HTTP `DELETE` operation.",
137 …"longDescription": "This property shall contain the privilege required to complete an HTTP `DELETE…
[all …]
|
| /openbmc/phosphor-net-ipmid/command/ |
| H A D | session_cmds.hpp | 20 * IPMI Request data for Set Session Privilege Level command
39 * IPMI Response data for Set Session Privilege Level command
58 * @brief Set Session Privilege Command
61 * the session is set to an initial privilege level. A session that is
62 * activated at a maximum privilege level of Callback is set to an initial
63 * privilege level of Callback and cannot be changed. All other sessions are
64 * initially set to USER level, regardless of the maximum privilege level
67 * This command cannot be used to set a privilege level higher than the lowest
68 * of the privilege level set for the user(via the Set User Access command) and
69 * the privilege limit for the channel that was set via the Set Channel Access
[all …]
|
| H A D | rakp12.cpp | 109 * 6) Requested Privilege Level - 1 byte in RAKP12()
152 // As stated in Set Session Privilege Level command in IPMI Spec, when in RAKP12()
154 // be established with USER privilege as well as all other sessions are in RAKP12()
155 // initially set to USER privilege, regardless of the requested maximum in RAKP12()
156 // privilege. in RAKP12()
157 if (!(static_cast<session::Privilege>( in RAKP12()
159 session::Privilege::CALLBACK)) in RAKP12()
165 session->currentPrivilege(static_cast<uint8_t>(session::Privilege::USER)); in RAKP12()
168 static_cast<session::Privilege>(request->req_max_privilege_level); in RAKP12()
245 if (session->sessionUserPrivAccess.privilege > in RAKP12()
[all …]
|
| /openbmc/phosphor-net-ipmid/ |
| H A D | comm_module.cpp | 25 session::Privilege::HIGHEST_MATCHING, in sessionSetupCommands()
30 session::Privilege::HIGHEST_MATCHING, in sessionSetupCommands()
35 session::Privilege::HIGHEST_MATCHING, in sessionSetupCommands()
41 session::Privilege::HIGHEST_MATCHING, in sessionSetupCommands()
47 session::Privilege::HIGHEST_MATCHING, in sessionSetupCommands()
49 // Set Session Privilege Command in sessionSetupCommands()
53 session::Privilege::USER, in sessionSetupCommands()
59 session::Privilege::CALLBACK, in sessionSetupCommands()
68 iter.command, iter.functor, iter.privilege, iter.sessionless)); in sessionSetupCommands()
|
| H A D | command_table.hpp | 56 session::Privilege privilege; member
110 * Every commands has a privilege level which mentions the minimum session
111 * privilege level needed to execute the command
117 Entry(CommandID command, session::Privilege privilege) : in Entry() argument
118 command(command), privilege(privilege) in Entry()
142 return privilege; in getPrivilege()
154 // Specifies the minimum privilege level required to execute this command
155 session::Privilege privilege; member in command::Entry
173 session::Privilege privilege, bool sessionless) : in NetIpmidEntry() argument
174 Entry(command, privilege), functor(functor), sessionless(sessionless) in NetIpmidEntry()
|
| H A D | sol_module.cpp | 18 session::Privilege::HIGHEST_MATCHING, in registerCommands()
24 session::Privilege::USER, in registerCommands()
30 session::Privilege::USER, in registerCommands()
36 session::Privilege::USER, in registerCommands()
42 session::Privilege::USER, in registerCommands()
51 iter.command, iter.functor, iter.privilege, iter.sessionless)); in registerCommands()
|
| /openbmc/openbmc-tools/openbmctool/ |
| H A D | README.md | 202 ### Add privilege mapping
205 openbmctool.py <connection options> ldap privilege-mapper create --groupName=<groupName> --privileg…
208 ### Delete privilege mapping
211 openbmctool.py <connection options> ldap privilege-mapper delete --groupName=<groupName>
214 ### List privilege mapping
217 openbmctool.py <connection options> ldap privilege-mapper list
225 - Configure user privilege.
230 privilege mapping for the LDAP credentials then the user will get the following
233 403, 'LDAP group privilege mapping does not exist'.
235 Action: Add the privilege (refer to the section "Add privilege mapping")
[all …]
|
| /openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/ |
| H A D | test_user_management_sub_menu.robot | 25 ${xpath_privilege_list_button} //*[@data-test-id='userManagement-select-privilege']
56 Page should contain View privilege role descriptions
107 Verify User Access Privilege
108 [Documentation] Create a new user with a privilege and verify that user is created.
119 Verify Operator User Privilege
120 [Documentation] Create users with different access privilege
160 # Get random username and user privilege level.
171 Test Modifying User Privilege Of Existing User Via GUI
172 …[Documentation] Modify user privilege of existing user via GUI and verify the changes using Redfi…
176 # Get random username and user privilege level.
[all …]
|
| /openbmc/linux/Documentation/devicetree/bindings/powerpc/ |
| D | ibm,powerpc-cpu-features.txt | |
| /openbmc/docs/designs/ |
| H A D | redfish-authorization.md | 21 The Redfish authorization model consists of the privilege model and the
22 operation-to-privilege mapping.
24 In the privilege model, there are fixed set of standard Redfish roles and each
30 The operation-to-privilege mapping is defined for every resource type and
34 request. The Redfish Forum provides a Privilege Registry definition in its
35 official registry collection as a base operation-to-privilege mapping. It also
42 resource only requires the `Login` privilege. On the other hand, the same peer
44 POST operation on certificates requires `ConfigureManager` privilege that the
53 1. <https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#privilege-model>
54 2. <https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#redfish-service-operation-to-privilege-map…
[all …]
|
| /openbmc/webui-vue/src/views/SecurityAndAccess/UserManagement/ |
| H A D | ModalUser.vue | 102 :label="$t('pageUserManagement.modal.privilege')"
103 label-for="privilege"
106 id="privilege"
107 v-model="form.privilege"
109 data-test-id="userManagement-select-privilege"
110 :state="getValidationState(v$.form.privilege)"
112 @input="v$.form.privilege.$touch()"
121 <template v-if="v$.form.privilege.required.$invalid">
271 privilege: null,
299 this.form.privilege = value.privilege;
[all …]
|